Resending my answer, because I guess you didn't get it: On 15/02/2019 17:11, Sam Roberts wrote: > Resending, I just got banned for "bounces", though why gmail would be > bouncing I don't know. > > On Thu, Feb 14, 2019 at 2:51 PM Sam Roberts <vieuxt...@gmail.com> wrote: > In particular, I'm getting a close_notify alert, followed by two > NewSessionTickets from the server.
This sounds like a bug somewhere. Once you have close_notify you shouldn't expect anything else. Is that an OpenSSL server? Matt > > The does SSL_read()/SSL_get_error(), it is returning > SSL_ERROR_ZERO_RETURN, so I stop calling SSL_read(). > > However, that means that the NewSessionTickets aren't seen, so I don't > get the callbacks from SSL_CTX_sess_set_new_cb(). > > Should we be calling SSL_read() until some other return value occurs? > > Note that no data is written by the server, and SSL_shutdown() is > called from inside the server's SSL_CB_HANDSHAKE_DONE info callback. > The node test suite is rife with this pracitce, where a connection is > established to prove its possible, but then just ended without data > transfer. For TLS1.2 we get the session callbacks, but TLS1.3 we do > not. > > This is the trace, edited to reduce SSL_trace verbosity: > > server TLSWrap::SSLInfoCallback(where SSL_CB_HANDSHAKE_DONE, alert U) > established? 0 > state 0x21 TWST: SSLv3/TLS write session ticket TLSv1.3 > server TLSWrap::DoShutdown() established? 1 ssl? 1 > Sent Record > Inner Content Type = Alert (21) > Level=warning(1), description=close notify(0) > Sent Record > NewSessionTicket, Length=245 > Sent Record > NewSessionTicket, Length=245 > > > client TLSWrap::OnStreamRead(nread 566) > Received Record > Level=warning(1), description=close notify(0) > > SSL_read() => 0 > SSL_get_shutdown() => SSL_RECEIVED_SHUTDOWN > SSL_get_error() => SSL_ERROR_ZERO_RETURN > > At this point, we consider the connection closed... not sure what else to do. > > Thanks, > Sam >
